Joomla! Discussion Forums

Hello All,

My site has both a public and a private area, meaning that the public area should work with http and the private area with https, but it doesn't. The content of the private area is for registered users only , and the security in the login is very important.

The apache server has been configured to work like this (i've check it several times), which means that the problem resides in the joomla configuration, more precisely in the $mosConfig_live_site variable.

If the value of the $mosConfig_live_site variable is www.mysite.com the site became crazy...
if the value is http://www.mysite.com all the site works using http, and the security of the private area is lost...
if the value is https://www.mysite.com I can access to the site using http (for the first time) but once I select any item, I am again accessing via https and getting problems with the certificate all the time...

The solution would be to switch between http and https as became necessary... I have tried something similiar to the solutions explained in http://forum.joomla.org/viewtopic.php?f=267&t=111332&hilit=https+access and http://forum.joomla.org/viewtopic.php?f=267&t=118767&hilit=ssl+https but it doesn't work for me... maybe there is something i'm missing in that sense.


Any idea about how to solve this problem? All the ideas will be welcome.


P.D: The version of Joomla I'm using is 1.0.11

Thanks in advance.

Cheers,

Cristina

sort out this security risk before you get involved in anything else

Yes, you have posted in the right section. You definitely have a Security problem, that version is way way past its Use-By-Date.

Joomla! 1.0.11 came out on Monday 28th August 2006 !!! That versions Use-By-Date was defined with the release of 1.0.12:
"Joomla! 1.0.12 [ Sunfire ] is available as of Monday the 25th of December 2006 1:00 UTC "

If you cant see the way clear to move up into the 1.5 world then at the very least install a copy of Joomla! 1.0.15 which was the last release for the Joomla! 1.0 series. At least that will bring your site up to what was safe back on Thursday, 21 February 2008.

I'm aware that the problem were solved with the following versions... but right now I can't take the risk of upgrading the version because I don't have enough time these days.

I would appreciate an alternative solution...

Thanks you.

do you have 15 minutes?

remove your site from the internet and go find something else to do, like play with PSP or something.

if you refuse to upgrade to the latest version then there is no point calling you a website administrator and you probably dont have the time to read this http://docs.joomla.org/Top_10_Stupidest ... tor_Tricks

I think that you have misunderstood my response... I'm not refusing to upgrade the joomla version... it is just that I'm not the Website Administrator, this is not my job... and something that takes 15 minutes to a Website Administrator, would take me ages.

We will upgrade the version in the future, but right now the migration is a risk that we can't take due to the amoung of things that depends on that... that is why I was trying to find an alternative solution...

What is your excuse for giving such rude response?

then who is the website administrator? they should be dealing with the site, show them the link provided. and get them to sort out out the issues with the guidance of the documentaiotn and these forums

upgrade today. to the latest 1.0.15 version

there was no rudeness in that post just straight facts. you asked for an alternative.